341 matches found
CVE-2022-39270
CVE-2022-39270 affects the DiscoTOC Discourse theme component. The vulnerability arises from lack of escaping/filtering of input data on pages that can create topics in TOC-enabled categories, allowing users with topic-creation rights and sufficient trust level to inject arbitrary HTML on the top...
CVE-2022-39270 Arbitrary HTML injection in table-of-contents theme component in DiscoTOC
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level, configured in the component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...
CVE-2020-19587
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...
Yellowfin cross-site scripting vulnerability
Yellowfin is a suite of innovative data and analytics products from Yellowfin Australia. A security vulnerability exists in Yellowfin Business Intelligence version 7.3 that stems from incorrect access control. An attacker could exploit the vulnerability to escalate privileges via MIAdminStyles.i4...
Yellowfin cross-site scripting vulnerability
Yellowfin is a suite of innovative data and analytics products from Yellowfin Australia. A security vulnerability exists in Yellowfin Business Intelligence version 7.3, which stems from a cross-site scripting (XSS) vulnerability found to be contained in the configMap parameter. An attacker could...
Malicious Package
Overview: lib-admin-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in admin-ui-extensions-template (npm)
Source: ghsa-malware 2734426856f28472d04c035064bc06310af65937b72de37955bfa261c7dde5a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-864 Malicious code in admin-ui-extensions-template (npm)
Source: ghsa-malware 2734426856f28472d04c035064bc06310af65937b72de37955bfa261c7dde5a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lib-admin-ui (npm)
Source: ghsa-malware e5698b187e32735c01b7b4cd91b98099a130910341c1c82b96030b5256eadaf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4296 Malicious code in lib-admin-ui (npm)
Source: ghsa-malware e5698b187e32735c01b7b4cd91b98099a130910341c1c82b96030b5256eadaf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-99RH-VXMC-7WGF ezplatform-admin-ui Cross-site Scripting (XSS) vulnerability
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4...
ezplatform-admin-ui Cross-site Scripting (XSS) vulnerability
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4...
Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...
GHSA-WGW2-GW4V-9W4J Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...
Improper Neutralization of Input During Web Page Generation in Apache Solr
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2)...
GHSA-MX2H-HF7J-2X3P Improper Neutralization of Input During Web Page Generation in Apache Solr
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2)...
Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...